- Revision
- 293252
- Author
- [email protected]
- Date
- 2022-04-22 13:58:51 -0700 (Fri, 22 Apr 2022)
Log Message
[JSC]Throw consistent exceptions for memory.init and memory.copy
https://bugs.webkit.org/show_bug.cgi?id=239592
Patch by Geza Lore <[email protected]> on 2022-04-22
Reviewed by Yusuke Suzuki.
For a trapping Wasm memory.init and memory.copy instruction, the LLInt
used to throw OutOfBoundsMemoryAccess, but BBQ/OMG used to throw
OutOfBoundsTableAccess.
Changed BBQ/OMG to throw OutOfBoundsMemoryAccess as well.
* wasm/WasmAirIRGenerator.cpp:
(JSC::Wasm::AirIRGenerator::addMemoryCopy):
(JSC::Wasm::AirIRGenerator::addMemoryInit):
* wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::addMemoryInit):
(JSC::Wasm::B3IRGenerator::addMemoryCopy):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (293251 => 293252)
--- trunk/Source/_javascript_Core/ChangeLog 2022-04-22 20:48:29 UTC (rev 293251)
+++ trunk/Source/_javascript_Core/ChangeLog 2022-04-22 20:58:51 UTC (rev 293252)
@@ -1,3 +1,23 @@
+2022-04-22 Geza Lore <[email protected]>
+
+ [JSC]Throw consistent exceptions for memory.init and memory.copy
+ https://bugs.webkit.org/show_bug.cgi?id=239592
+
+ Reviewed by Yusuke Suzuki.
+
+ For a trapping Wasm memory.init and memory.copy instruction, the LLInt
+ used to throw OutOfBoundsMemoryAccess, but BBQ/OMG used to throw
+ OutOfBoundsTableAccess.
+
+ Changed BBQ/OMG to throw OutOfBoundsMemoryAccess as well.
+
+ * wasm/WasmAirIRGenerator.cpp:
+ (JSC::Wasm::AirIRGenerator::addMemoryCopy):
+ (JSC::Wasm::AirIRGenerator::addMemoryInit):
+ * wasm/WasmB3IRGenerator.cpp:
+ (JSC::Wasm::B3IRGenerator::addMemoryInit):
+ (JSC::Wasm::B3IRGenerator::addMemoryCopy):
+
2022-04-22 Mark Lam <[email protected]>
Apply purifyNaN in more places.
Modified: trunk/Source/_javascript_Core/wasm/WasmAirIRGenerator.cpp (293251 => 293252)
--- trunk/Source/_javascript_Core/wasm/WasmAirIRGenerator.cpp 2022-04-22 20:48:29 UTC (rev 293251)
+++ trunk/Source/_javascript_Core/wasm/WasmAirIRGenerator.cpp 2022-04-22 20:58:51 UTC (rev 293252)
@@ -1554,7 +1554,7 @@
emitCheck([&] {
return Inst(BranchTest32, nullptr, Arg::resCond(MacroAssembler::Zero), result, result);
}, [=, this] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
- this->emitThrowException(jit, ExceptionType::OutOfBoundsTableAccess);
+ this->emitThrowException(jit, ExceptionType::OutOfBoundsMemoryAccess);
});
return { };
@@ -1580,7 +1580,7 @@
emitCheck([&] {
return Inst(BranchTest32, nullptr, Arg::resCond(MacroAssembler::Zero), result, result);
}, [=, this] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
- this->emitThrowException(jit, ExceptionType::OutOfBoundsTableAccess);
+ this->emitThrowException(jit, ExceptionType::OutOfBoundsMemoryAccess);
});
return { };
Modified: trunk/Source/_javascript_Core/wasm/WasmB3IRGenerator.cpp (293251 => 293252)
--- trunk/Source/_javascript_Core/wasm/WasmB3IRGenerator.cpp 2022-04-22 20:48:29 UTC (rev 293251)
+++ trunk/Source/_javascript_Core/wasm/WasmB3IRGenerator.cpp 2022-04-22 20:58:51 UTC (rev 293252)
@@ -1249,7 +1249,7 @@
m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), resultValue, m_currentBlock->appendNew<Const32Value>(m_proc, origin(), 0)));
check->setGenerator([=, this] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
- this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsTableAccess);
+ this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsMemoryAccess);
});
}
@@ -1269,7 +1269,7 @@
m_currentBlock->appendNew<Value>(m_proc, Equal, origin(), resultValue, m_currentBlock->appendNew<Const32Value>(m_proc, origin(), 0)));
check->setGenerator([=, this] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
- this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsTableAccess);
+ this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsMemoryAccess);
});
}
